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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, how/ever, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )S Responsive to communication(s) filed on 24 March 2003 . 
2a)S This action is FINAL. 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for fornnai matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-56 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) 13 Claim(s) 1-56 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

S)\3 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9)n The specification is objected to by the Examiner. 

10) 0 The drawing(s) filed on is/are: a)n accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

11) 0 The proposed drawing correction filed on is: a)n approved b)n disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) 0 The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

aOAII b)n Some*c)n None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
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DETAILED ACTION 



Response to Arguments 



1 . Applicant's arguments filed 3/24/03 have been fully considered but tliey are not 
persuasive. The Examiner agrees with the Applicants observation that claims 48-49 
stand rejected under 35 USC 102 (e) as being unpatentable over Goldsmith. 

2. The Applicant argues that the crucial limitations of his application is that there is 
an activity log being generated, that delegates can review their specific logs from 
different locations and that a user can view all reports. The Examiner submits that 
Corporate/Business Credit Cards do the same thing as what the Applicant is proposing. 
Credit cards are issued to appropriate employees who use them for company business 
trips or purchases. At any time, the employee can review their expenditures to date and 
the company can review all accounts. There is nothing unique or original about 
corporate credit cards where each department can review their own expenditures to 
date and no other department and the company can review any or all the different 
department activities at any time. The activity log is a standard log of transactions 
common to any credit card account. The Examiner to support that the aforementioned 
obviousness provides Vance et al. U.S. 6,442,526. Vance et al. U.S. 6,442,5 is provided 
because the Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. 
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The Applicant alleges that Goldsmith teaches nothing about 



receiving transaction request from a plurality of daily users, and only allowing specified 
users to view the results. Goldsmith teaches about " a financial institution computer 
system 6 that maintains a data base of user accounts 8" Col. 2, lines 60-65. Goldsmith 
further teaches, " The clearing house computer 10 processes transactions from 
numerous point of transactions and routes the transactions...." Col. 2, lines 60-65, and " 
... multi-tasking ... multiple transactions for different accounts 8 or multiple transactions 
for a single account 8. Col. 7, lines 28-32. Goldsmith addresses "only allowing specified 
users to view the results" in the BACKGROUND OF THE RELATED ART section in his 
discussion of the authentication systems utilizing account passwords. As shown by the 
aforementioned references in Goldsmith, Goldsmith teaches the limitations of Claims 
48-49. 

As per claims 1-8, 10, 12-18, 20, 22-37, 39, 41 and 47 the Applicant argues that 
the " ... activity log is crucial to the claimed invention." As stated in the previous Office 
Action, Anderson discloses the claimed invention except for the storing a result of the 
verification in an activity log. Anderson shows bank statements (Fig. 12). It would have 
been obvious to one having ordinary skill in the art at the time of the invention was 
made to have an activity log since it is known in the art that bank statements are 
generated by user account activity and is not unique or original in concept or use. 
The Applicant further states, " The rejection admits that Anderson does not teach or 
suggest storing the results of the verification in an activity log. " The Examiner disagrees 
and in fact had stated that Anderson does in fact suggest the use of an activity log in the 
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Office Action. PTO's guide lines for exannining claimed language require: the examiner 
must make a determination, whether the claimed invention " as a whole" would have 
been obvious at the time of the invention to one of ordinary skill in the art. See MPEP 
2142. In these pending claims, the examiner submits that the particular language does 
not serve as a limitation on the claim (i.e., "activity log") and so stated in the previous 
Office Action . 

As per claims 9,19, and 38 the Applicant purports that Anderson in view of 
Yocobi does not teach or suggest storing information in a central location and allowing 
specific access to the information. These two limitations have been previously 
addressed in reference to a "bank statement" which comes from a central location and 
the authentication system that limits specific users access to an account's information. 



Claim Rejections - 35 USC § 103 

1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject nnatter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-8, 10,1 2-1 8,20,22-37,39,41 ,45,47are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Anderson et al. US 6,021,202 [Anderson 202], and in 
further view of Vance et al.- U.S. 6,442,526 [Vance 526]. 
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As per claims 1,13,23,30,32. 
Anderson [202] teaches: 

verifying a use of a digital credential by a user of a digital credential, at any of a 
plurality of different locations where the digital credential can be used; CoL6, lines 42- 
54. Anderson [202] discloses the claimed invention except for the storing a result of the 
verification in an activity log in a central location that communicates with each of said 
plurality of different locations; and allowing specified users to access said result. 
However, Anderson [202] does disclose, "... send bank statements ... which reflects 
events of the transaction..." Col. 6, lines 5-58. 

Vance '526 teaches that it is known in the art to provide storing the result of the 
verification in an activity log in a central location , that communicates with each of said 
plurality of different locations; and allowing specified users to access said result. Col. 
12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson *202 about storing a result of the 
verification in an activity log in a central location that communicates with each of said 
plurality of different locations; and allowing specified users to access said result as 
taught by Vance '526, in order to clarify the generation and use of bank/transaction 
statements. 
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As per claims 2,14,24,31. 

Anderson [202] discloses the claimed invention except for storing transaction 
information in the activity log. However, Anderson [202] does disclose, "... send bank 
statements ... which reflects events of the transaction..." Col. 6, lines 5-58. Vance '526 
teaches storing transaction information in the activity log. Col. 12,13,14. It would have 
been obvious to one having ordinary skill in the art at the time the invention was made 
to store the results of a transaction so that at a later time a bank/transaction statement 
could be generated. 

As per claims 3,15,25,28,33,47 
Anderson [202] further discloses: 

wherein the transaction information includes at least one of a message that was 
signed using a digital signature key of the digital credential, a value of a transaction, an 
online service, an internet protocol (IP) address, a date of the transaction and a time of 
the transaction. Col. 25, lines 64-67, Col. 26, lines 1-35. 

As per claim 4,16. 

Anderson [202] discloses the claimed invention except for generating an activity 
report from the activity log, wherein the activity report lists the stored results. However, 
Anderson [202] does disclose, "... send bank statements ... which reflects events of the 
transaction..." Col. 6, lines 5-58. It would have been obvious to one having ordinary skill 
in the art at the time the invention was made to store the results of a transaction so that 
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at a later time an activity report from the activity log [a bank statement] could be 
generated. 

As per claims 5,17,34. 
Anderson [202] further discloses: 

associating a name to a digital signature key of the digital credential, wherein the 
activity report lists the name of the digital signature key. Fig,6, Col. 25, lines 64- 
67, Col. 26, lines 1-35. 

As per claim 6,35. 

Anderson [202] discloses the claimed invention except for wherein generating the 
activity report includes generating the activity report upon request by an owner of the 
digital credential. However, Anderson [202] does disclose, "... provide statements or 
reports to the payer and the payee..." Col. 30, lines 19-29. It would have been obvious 
to one having ordinary skill in the art at the time the invention was made to generate an 
activity report based upon the request by an owner (payee/payer) of the digital 
credential. 

As per claim 7,36. 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of wherein generating the activity report includes generating the activity report 
each time the digital credential is verified. It would have been an obvious matter of 
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design choice to modify the teachings of Anderson [202], to provide the step of wherein 
generating the activity report includes generating the activity report each time the digital 
credential is verified. Since the applicant has not disclosed that generating the activity 
report includes generating the activity report each time the digital credential is verified 
solves any stated problem in a new or unexpected way or is for any particular purpose 
which is unobvious to one of ordinary skill and it appears that the claimed feature does 
not distinguish the invention over similar features in the prior art since, the teachings of 
Anderson [202] will perform the invention as claimed by the applicant with any method, 
means, or product to generate an activity report that includes generating the activity 
report each time the digital credential is verified. 

As per claim 8,37. 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of generating a report periodically. It would have been an obvious matter of 
design choice to modify the teachings of Anderson [202], to provide the step of 
generating a report periodically. Since the applicant has not disclosed that generating a 
report periodically solves any stated problem in a new or unexpected way or is for any 
particular purpose which is unobvious to one of ordinary skill and it appears that the 
claimed feature does not distinguish the invention over similar features in the prior art 
since, the teachings of Anderson [202] will perform the invention as claimed by the 
applicant with any method, means, or product to generating a report periodically. 



Application/Control Number: 09/608,402 Page 9 

Art Unit: 3621 

As per claims 10,20,39. 

Anderson [202] discloses the claimed invention except for wherein generating the 
activity report includes listing activity for a plurality of digital, signature keys associated 
with the owner and wherein said allowing compromises allowing said user to view all 
reports, but allowing each said delegate to view only their own activity reports for other 
delegates. However, Anderson [202] does disclose, "... provide statements or reports to 
the payer and the payee..." Col. 30, lines 19-29. 

Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson *202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance '526, in order to maintain the 
integrity of the tracking/reporting system. 



As per claims 12.22,41. 
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Anderson [202] discloses the claimed invention except for generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates. However, Anderson [202] does disclose, "... provide 
statements or reports to the payer and the payee..." Col. 30, lines 19-29. 

Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson *202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance '526, in order to maintain the 
integrity of the tracking/reporting system. 

As per claim 18. 

Anderson [202] discloses the claimed invention, as discussed above, except for 
the step of wherein the computer-executable instructions cause the computer to 
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generate the activity report upon receiving a request by an owner of the digital 
credential, and wherein said allowing comprises allowing said user to view all reports, 
but allowing each said delegate to view only their own activity report, and not allowing 
each said delegate to view reports for other delegates. 

It would have been an obvious matter of design choice to modify the 
teachings of Anderson [202], to provide the step of generating the activity report upon 
receiving a request by an owner of the digital credential, periodically, or when the digital 
credential is verified. 

Vance '526 teaches that it is known in the art to generate an activity report which 
includes activity reports of the delegates of the user and wherein said allowing 
comprises allowing said user to view all reports, but allowing each said delegate to view 
only their own activity report, and not allowing each said delegate to view reports for 
other delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance '526, in order to maintain the 
integrity of the tracking/reporting system. 



As per claim 26. 
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Anderson [202] discloses the claimed invention except for comprising an owner 
database to store information of an owner of the digital credential and owner-approved 
delegates and wherein said communication element allows said owner to view all 
reports, but allows each said delegate to view only their own report, and not reports for 
other delegates. However, Anderson [202] does disclose , "... memory may contain 
certification information..." Col. 12, lines 57-65, 

Vance '526 teaches that it is known in the art to have an owner database to 
store information of an owner of the digital credential and owner-approved delegates 
and wherein said communication element allows said owner to view all reports, but 
allows each said delegate to view only their own report, and not reports for other 
delegates. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Anderson '202 about generating an activity 
report which includes activity reports of the delegates of the user and wherein said 
allowing comprises allowing said user to view all reports, but allowing each said 
delegate to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates as taught by Vance '526, in order to maintain the 
integrity of the tracking/reporting system. 



As per claim 27. 
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Anderson [202] discloses the claimed invention except for a first data field to 
store a result from an verification of a digital credential by a user of a digital credential at 
any of a plurality of different locations where the digital credential can be used. 
However, Anderson [202] does disclose , "... send bank statements ... which reflects 
events of the transaction..." Col. 6, lines 5-58. It would have been obvious to one having 
ordinary skill in the art at the time the invention was made to store a result from a 
verification of a digital credential by a user of a digital credential at any of a plurality of 
different locations where the digital credential can be used allowing specified user's to 
access said results so that at a later time [a bank statement] could be generated. 

Anderson [202] discloses the claimed invention except for a plurality of data 
fields to store transaction information relating to each verification result in a central 
location that communicates with each of said plurality of different locations; and a data 
access structure, allowing specified user's to access said results. Vance '526 teaches 
that it is known in the art to provide a plurality of data fields to store transaction 
information relating to each verification result in a central location that communicates 
with each of said plurality of different locations; and a data access structure, allowing 
specified user's to access said results. Col. 12,13,14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide the detail in Vance '526 about a plurality of data fields to 
store transaction information relating to each verification result in a central location that 
communicates with each of said plurality of different locations; and a data access 
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structure, allowing specified user's to access said results as taught by Vance '526, in 
order to maintain the integrity of the tracking/reporting system. 



As per claim 29, 

Anderson [202] discloses the claimed invention except for the data structures 
further include a plurality of data fields to store owner and delegate information. 
However, Anderson [202] does disclose , "... memory may contain certification 
information..." Col. 12, lines 57-65. It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to have memory that could hold the 
data structures that include a plurality of data fields to store owner and delegate 
information to provide a complete list of who is authorized to use the certificate , 



As per claim 45, 
Goldsmith'990 further discloses ; 

wherein the use information includes transaction information. Col.8, lines 1-27 
Anderson [202] discloses the claimed invention except for allowing comprises 
allowing said user to view all reports, but allowing each said delegate to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. However, Anderson [202] does disclose , "... provide statements or reports to 
the payer and the payee..." Col. 30, lines 19-29. 

Vance '526 teaches that it is known in the art to wherein said allowing comprises 
allowing said user to view all reports, but allowing each said delegate to view only their 
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own activity report, and not allowing each said delegate to view reports for other 
delegates. Col. 12,13.14. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to include in Anderson '202 about generating activity reports of the 
delegates of the user and wherein said allowing comprises allowing said user to view all 
reports, but allowing each said delegate to view only their own activity report, and not 
allowing each said delegate to view reports for other delegates as taught by Vance '526, 
in order to maintain the integrity of the tracking/reporting system. 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 48-49 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

Goldsmith US 6,064,990 [Goldsmith'990], and in further view of Vance '526. 

As per claim 48. 
Goldsmith'990 discloses; 

receiving transaction requests from a plurality of delegate users who are 
delegated from an owner,Col.2, lines 60-67 



Claim Rejections - 35 USC § 103 
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wherein the transaction requests include digital credentials for the users; Col. 2, 
lines 55-60 

processing the transaction requests; Col. 2, lines 60-67 
connmunicating transaction information to a central service, Col. 2, lines 60-67 
wherein the transaction information includes the digital credentials of the users. 
Col. 2, lines 50-55. 

Goldsmith '990 discloses the claimed invention except for the wherein said allowing 
comprises allowing said user to view all reports, but allowing each said to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. 

Vance '526 teaches that it is known in the art to provide a wherein said allowing 
comprises allowing said user to view all reports, but allowing each said to view only their 
own activity report, and not allowing each said delegate to view reports for other 
delegates. It would have been obvious to one having ordinary skill in the art at the time 
the invention was made to provide the transaction request involving digital credentials of 
Goldsmith '990 with the ability of a user (corporation) to view all reports, but allowing 
each said to view only their own activity report, and not allowing each said delegate to 
view reports for other delegates, in order to maintain control and security of corporation 
expenditures. 
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As per claim 49. 
Goldsmith further discloses; 

wherein processing the transaction requests includes communicating the digital 
credentials to the central service for verification. Fig. 1,10 



Claims 9,19,38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Anderson [202], and further in view of Yacobi US 5,878,138 -Yacobi [138] 

As per claims 9,19,38. 

Anderson [202] discloses the claimed invention except for the analyzing the 
activity log to detect misuse of the digital credential. However, Anderson [202] does 
disclose "Solutions to the problem of potential fraudulent usage ...must be built into the 
system at each stage..." Col. 36, lines 32-35. Yacobi [138] teaches that it is known to 
analyze the activity log to detect misuse of the digital credential. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
analyze the activity log to detect misuse of the digital credential as taught by Yacobi 
[138], since Yacobi [138] states at col.4, lines 8-9 that such a modification would provide 
that once fraud is detected, further perpetuation is prevented. 

Claims 11,21,40 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Anderson [202] , and further in view of Sudia US 5,659,616 Sudia [616] 
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As per claims 11,21,40. 

Anderson [202] discloses the claimed invention except for the authorizing one or 
more delegates to use a delegated digital credential to act on behalf of the owner of the 
digital credential for specified functions, wherein verifying the use of the digital 
credential includes determining whether the delegated digital credential was authorized 
for the specific use. 

Sudia [616] teaches that it is known to authorize one or more delegates to use a 
delegated digital credential to act on behalf of the owner of the digital credential for 
specified functions, wherein verifying the use of the digital credential includes 
determining whether the delegated digital credential was authorized for the specific use. 

It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to authorize one or more delegates to use a delegated digital 
credential to act on behalf of the owner of the digital credential for specified functions, 
wherein verifying the use of the digital credential includes determining whether the 
delegated digital credential was authorized for the specific use as taught by Sudia [616], 
since Sudia [616] states at col. 14, lines 61-67, coL15, lines 1-12, that such a 
modification would provide flexibility in the use of the digital signature. 
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Claims 42-44 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Goldsmith US 6,064,990 [Goldsmith'990]. 

As per claim 42. 
Goldsmith '990 discloses; 

storing use information for a user; Col. 1, lines 53-55 

processing the use information; Col. 1 , lines 55-57 

generating an alert. Col. 1 , lines 57-64. 
Goldsmith '990 discloses the claimed invention, as discussed above, except for the step 
of storing use information for a digital of a plurality of delegates who are delegated to 
use said digital credential by an owner processing the use information for each of said 
plurality of delegates to detect misuse. However, Goldsmith'990 is providing usage 
information on the activity of data associated with the user. It would have been an 
obvious matter of choice to modify the teachings of Goldsmith '990, to provide the step 
of storing use information for a digital certificate or any other type of data associated 
with the user. Since the applicant has not disclosed that a digital certificate uniquely 
distinguishes itself from any other type of data which is unobvious to one of ordinary 
skill and it appears that the claimed feature does not distinguish the invention over 
similar features in the prior art since, the teachings of Goldsmith'990 will perform the 
invention as claimed by the applicant regardless of what the data is being used for or 
named. 

Goldsmith '990 discloses the claimed invention, as discussed above, except for 
the step of processing the use information to detect misuse. However, Goldsmith'990 
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does process the information if the authentication is breached or for any unauthorized 
activity. Col. 2, lines 5-10. It would have been an obvious matter of choice to modify the 
teachings of Goldsmith '990, to call breaching the authentication protocol or 
unauthorized activity as a misuse of an account. Since the applicant has not disclosed 
that term "misuse" distinguishes itself from any other type breaching or unauthorized 
activity which is unobvious to one of ordinary skill and it appears that the claimed 
feature does not distinguish the invention over similar features in the prior art since, the 
teachings of Goldsmith'990 will perform the invention as claimed by the applicant 
regardless of what the breaching or unauthorized activity is called. 

Goldsmith '990 discloses the claimed invention, as discussed above, except for 
the step of generating an alert to the owner when misuse is detected. However, 
Goldsmith'990 does immediately notify a user of account activity. Col. 2, lines 5-10. 
Goldsmith'990 does include notification of any user-designated misuse of their account. 
Since the applicant has not disclosed that generating an alert when misuse is detected 
distinguishes itself from any other type notification activity which is unobvious to one of 
ordinary skill and it appears that the claimed feature does not distinguish the invention 
over similar features in the prior art since, the teachings of Goldsmith'990 will perform 
the invention as claimed by the applicant and include misuse information in the user 
notification. 
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As per claim 43. 
Goldsmith'990 further discloses; 

generating an activity report based on the use information. Fig. 3 
As per claim 44. 

Goldsmith '990 discloses the claimed invention, as discussed above, except for 
the step of wherein generating an alert includes alerting a credential service provider. 
However, Goldsmith'990 does disclose transforming the account activity message into 
an e-mail message and transmitting the e-mail message to the user provided e-mail 
address. Col. 6, lines 58-65. The user provided e-mail addresses are only limited by the 
user's imagination. It would have been an obvious matter of choice to modify the 
teachings of Goldsmith '990, to include in the user's e-mail a credential service provider. 
Since the applicant has not disclosed that alerting a credential service provider 
distinguishes itself from alerting any other type of organization which is unobvious to 
one of ordinary skill and it appears that the claimed feature does not distinguish the 
invention over similar features in the prior art since, the teachings of Goldsmith'990 will 
perform the invention as claimed by the applicant regardless of who or what 
organization is alerted. 
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Claim 46 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Goldsmith'990 and further in view of Sudia'616. 

As per claim 46. 

Goldsmith'990 discloses the claimed invention except for that the use information 
includes verification information for the digital credential. Sudia'616 teaches that it is 
known to verify digital credentials. It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to verify digital information as taught 
by Sudia'616 and issue a report as taught by Goldsmith'990. 

Claims 50-52 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Goldsmith'990 and further in view of Anderson'202 and Sudia'616. 

As per claim 50. 

Goldsmith'990 discloses the claimed invention except for the verifying the digital 
certificate and communicating the result of the verification to the credential service. 
Anderson'202 teaches that it is known to verify digital certificates. It would have been 
obvious to one having ordinary skill in the art at the time the invention was made to 
verify digital certificates as taught by Anderson'202, since Anderson'202 teaches at 
Col.6, lines 40-55 verification of digital certificates. 

Goldsmith'990 and Anderson'202 disclose the claimed invention except for 
communicating a result of the verification to the credential service. 

Sudia [616] teaches that it is known to verify the digital credential; and 
communicate the result of the verification to the credential service. 
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It would have been obvious to one having ordinary skill in the art at the time the 
invention was made to verify the digital credential; and communicate the result of the 
verification to the credential service as taught by Sudia [616], since Sudia [616] states at 
col. 14, lines 61-67, col. 15, lines 1-12, that such a modification would provide flexibility in 
the use of the digital signature. 

As per claim 51. 

Goldsmith'990 and Anderson *202 discloses the claimed invention except for 
receiving a activity report from the central service, wherein the activity report lists the 
transaction information for each digital credential. However, Anderson [202] does 
disclose , "... send bank statements ... which reflects events of the transaction..." Col.6, 
lines 5-58. It would have been obvious to one having ordinary skill in the art at the time 
the invention was made to store a result from a verification of a digital credential and a 
plurality of data fields to store transaction information relating to each verification result 
so that at a later time [a bank statement] could be generated. 

As per claim 52. 

Goldsmith'990 discloses the claimed invention except for wherein the transaction 
information includes at least one of a message that was signed, a transaction value, an 
online service, an internet protocol (IP) address, a value of the transaction, a date of the 
transaction and a the time of the transaction. 
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Anderson'202 discloses wherein the transaction information includes at least 
one of a message that was signed,. a transaction value, an online service, an internet 
protocol (IP) address, a value of the transaction, a date of the transaction and a the time 
of the transaction. It would have been obvious to one having ordinary skill in the art at 
the time the invention was made to wherein the transaction information includes at least 
one of a message that was signed, a transaction value, an online service, an internet 
protocol (IP) address, a value of the transaction, a date of the transaction and a the time 
of the transaction as taught by Anderson'202, since Anderson'202 shows in Fig.6 that 
transaction information includes at least one of a message that was signed, a 
transaction value, an online service, an internet protocol (IP) address, a value of the 
transaction, a date of the transaction and a the time of the transaction 

Claim 53-56 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Anderson'202, and further in view of Goldsmith'990. 

As per claim 53. 
Anderson'202 discloses; 

receiving a request from a medical professional to access medical information at 
a remote location. Fig. 26 

wherein the request includes a digital credential for the medical professional; 

Fig.26 
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communicating transaction information describing the access request and the 
digital credential to a credential verification service; Fig 26 

receiving a verification result from the credential verification service; Fig. 26 

providing the medical professional access to the medical information based on 
the verification result; Fig. 26 

Anderson'202 discloses the claimed invention except for receiving an activity 
report from the credential verification service and wherein the activity report lists the 
transaction information, the digital credential and the transaction result. Sudia'616 
teaches that it is known to receive an activity report from the credential verification 
service and wherein the activity report lists the transaction information, the digital 
credential and the transaction result. It would have been obvious to one having ordinary 
skill in the art at the time the invention was made to receive an activity report from the 
credential verification service and wherein the activity report list the transaction 
information, the digital credential and the transaction result as taught by Sudia'616. 

As per claim 54. 
Anderson'202 further discloses; 

wherein the transaction information includes at least an access type, a date of 
the transaction and a time of the transaction. Fig. 6. 
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As per claim 55. 
Anderson'202 further discloses; 

wherein the digital credential was provided by a credential issuing service and a 
credential service provider Fig.24 

As per claim 56. 
Anderson'202 further discloses; 

receiving a request to access the activity report from an owner of the digital 
credential; Col.31, lines 10-67 

providing the owner access to the activity report. Col. 31 , lines 10-67 

Examiner's Note: Examiner has cited particular columns and line numbers in the 
references as applied to the claims below for the convenience of the applicant. 
Although the specified citations are representative of the teachings in the art and are 
applied to the specific limitations within the individual claim, other passages and figures 
may apply as well. It is respectfully requested from the applicant, in preparing the 
responses, to fully consider the references in entirety as potentially teaching all or part 
of the claimed invention, as well as the context of the passage as taught by the prior art 
or disclosed by the examiner. 
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Conclusion 



Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 





Application/Control Number: 09/608,402 



Page 28 



Art Unit: 3621 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Daniel L. Greene whose telephone number is 703-306- 
5539. The examiner can normally be reached on M-Thur 8am-6pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James P. Trammell can be reached on 703-305-9768. The fax phone 
numbers for the organization where this application or proceeding is assigned are 703- 
305-7687 for regular communications and 703-305-7687 for After Final 
communications. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703-308- 
1113. 



DLG 

May 12,2003 




